CVE-2011-2710
Description
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URI to includes/application.php, reachable through index.php; and, when Internet Explorer or Konqueror is used, (2) allow remote attackers to inject arbitrary web script or HTML via the searchword parameter in a search action to index.php in the com_search component. NOTE: vector 2 exists because of an incomplete fix for CVE-2011-2509.5.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Joomla! before 1.7.0 contains multiple XSS flaws in includes/application.php (URI) and com_search (searchword parameter, IE/Konqueror).
Vulnerability
CVE-2011-2710 describes multiple cross-site scripting (XSS) vulnerabilities in Joomla! versions before 1.7.0. The first vector exists in includes/application.php, reachable via index.php, where the URI is not properly sanitized. The second vector affects the com_search component: the searchword parameter in a search action to index.php is not sanitized, and this issue is exploitable when Internet Explorer or Konqueror is used. Version 1.7.0-RC and all versions of the 1.6.x series are affected [1][2][3].
Exploitation
An attacker can exploit these XSS flaws by crafting a malicious URL containing injected web script or HTML in the searchword parameter or directly in the URI. For the searchword vector, the attacker must lure a victim using Internet Explorer or Konqueror to visit the crafted URL. No authentication is required; the attack is remote and does not need any special network position beyond reaching the Joomla! web server [3].
Impact
Successful exploitation allows a remote attacker to inject arbitrary web script or HTML into the victim's browser session. This can lead to information disclosure, session hijacking, or other client-side attacks, depending on the payload executed in the context of the vulnerable Joomla! site [2][3].
Mitigation
The vulnerability is fixed in Joomla! version 1.7.0. Users should upgrade to 1.7.0 or later. There is no evidence that this CVE is listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of the publication date. For those who cannot upgrade, ensure that untrusted input is filtered and consider disabling the com_search component if it is not required [1][4].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:* (range: <=1.6.6)
- cpe:2.3:a:joomla:joomla\!:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.10:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.11:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.12:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.13:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.14:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.15:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.15:rc:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.16:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.17:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.18:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.19:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.20:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.21:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.22:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.23:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.5.9:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6.4:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6.5:*:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:alpha:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:alpha2:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta1:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta10:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta11:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta12:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta13:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta14:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta15:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta2:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta3:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta4:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta5:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta6:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta7:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta8:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:beta9:*:*:*:*:*:*
- cpe:2.3:a:joomla:joomla\!:1.6:rc1:*:*:*:*:*:*
- (no CPE) range: <1.7.0
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"User-controllable input (Request URI and searchword parameter) is not sanitized or HTML-escaped before being reflected in output, enabling cross-site scripting."
Attack vector
Two attack vectors exist. First, an attacker can inject arbitrary script into the Request URI path — any URL under `/index.php/...` containing a payload like `'">
Affected code
The vulnerable code is in `includes/application.php` at lines 176 and 181, where `JURI::current()` is passed directly to `$document->setBase()` without HTML-escaping [ref_id=2]. Additionally, the `searchword` parameter in the `com_search` component is not properly sanitized when submitted to `/index.php` [ref_id=1][ref_id=2][ref_id=3].
What the fix does
The advisory states that the fix was released in Joomla! 1.7.0-stable [ref_id=2]. No patch diff is provided in the bundle, but the researcher notes that the Request URI XSS is fixed by wrapping `JURI::current()` with `htmlspecialchars()` in `includes/application.php` [ref_id=2]. For the `searchword` vector, the advisory notes it was an incomplete fix of a previously reported issue (CVE-2011-2509) and was fully resolved in 1.7.0-stable [ref_id=1][ref_id=2][ref_id=3].
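The escaping change described above, shown as an added example; this is not Joomla! code and not taken from the advisory. The functions `current_uri()`, `base_tag_unescaped()`, `base_tag_escaped()` and `element_count()` are hypothetical stand-ins, and the `<base href>` output context is an assumption about where the base URL is rendered.

```php
<?php
// Illustrative stand-ins, not Joomla! code: current_uri() plays the role of
// JURI::current(); the base_tag_*() functions play the role of the document
// rendering the value handed to setBase().

function current_uri(string $scheme, string $host, string $rawPath): string
{
    // The path is client-controlled: it is whatever was requested.
    return $scheme . '://' . $host . $rawPath;
}

// Before the fix: the URI is placed in an attribute value unescaped.
function base_tag_unescaped(string $uri): string
{
    return '<base href="' . $uri . '" />';
}

// After the fix: HTML-escape at the output boundary. ENT_QUOTES covers both
// single and double quotes, so the value cannot close the attribute.
function base_tag_escaped(string $uri): string
{
    return '<base href="' . htmlspecialchars($uri, ENT_QUOTES, 'UTF-8') . '" />';
}

// Regression check: count element start tags in the rendered fragment.
// A correctly escaped base tag contains exactly one.
function element_count(string $html): int
{
    return (int) preg_match_all('/<[a-zA-Z]/', $html);
}

// Constructed sample path carrying a harmless marker element.
$path = '/index.php/news/\'"><i>marker</i>';
$uri  = current_uri('http', 'example.test', $path);

$before = base_tag_unescaped($uri);
$after  = base_tag_escaped($uri);

echo $before, PHP_EOL, $after, PHP_EOL;

if (element_count($before) === 1) {
    throw new RuntimeException('sample path did not break out; check the fixture');
}
if (element_count($after) !== 1) {
    throw new RuntimeException('escaped output still contains injected markup');
}
echo 'escaped output contains a single element', PHP_EOL;
```

The same element-count check works as a unit test for any template helper that reflects the request URI into an attribute.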
Preconditions
- auth: No authentication required; the attack works against unauthenticated visitors
- input: Attacker must craft a malicious URL or POST request containing XSS payload in the searchword parameter or the URI path
- config: For the searchword vector, the victim must use Internet Explorer or Konqueror browser
- config: Target must be running Joomla! 1.7.0-RC or any 1.6.x version
Reproduction
**Vector 1 — Request URI XSS:** Browse to a URL such as `http://target/joomla/index.php/using-joomla/extensions/components/news-feeds-component/new-feed-categories/'">
Generated on May 25, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
- www.openwall.com/lists/oss-security/2011/07/22/1 (nvd, Exploit)
- www.openwall.com/lists/oss-security/2011/07/22/5 (nvd, Exploit)
- developer.joomla.org/security/news/357-20110701-xss-vulnerability.html (nvd)
- www.openwall.com/lists/oss-security/2011/10/16/1 (nvd)
- www.openwall.com/lists/oss-security/2011/11/21/27 (nvd)
- yehg.net/lab/pr0js/advisories/joomla/core/%5Bjoomla_1.7.0-rc%5D_cross_site_scripting%28XSS%29 (nvd)
News mentions
No linked articles in our index yet.